Senior Program Manager – EMEA Data Protection and Privacy Program, Medtronic, Heerlen, Limburg, Netherlands or Fridley, Minnesota USA

The Senior Program Manager, EMEA Data Protection and Privacy Program (“Program Manager”) position will be responsible for the project management of the activities relating to the preparation and achievement for General Data Protection Regulation (GDPR) and other relevant privacy regulations for the EMEA region. This project will cover all functions and business units. The position provides project management and business operational support for the development, implementation, and maintenance of privacy policies, standards, and practices to meet legal, regulatory and business requirements – with particular focus on the GDPR. While the EMEA privacy team is based in Heerlen, The Netherlands, the position is based in one of the following locations:  The Netherlands, or Belgium, Germany, France, UK, Switzerland, Spain, locations allowing easy travel to the Heerlen office as needed, or alternatively can be housed in the Minneapolis, Minnesota, USA offices at our Operational Head Quarters our Global Data Protection and Privacy team is based. The position reports into our Senior Director, Global Data Protection and Privacy Program. The Senior Program Manager closely collaborates with a network of professionals on the privacy team, legal, IT, compliance, businesses and regional management to implement and manage GDPR data protection and privacy requirements in an innovative global environment that is highly regulated. They will be accountable for overall program process, performance and customer satisfaction; will participate in establishing program objectives and plan; and work to solve complex, difficult and undefined problems and issues that typically impact multiple work streams and departments.  They will lead meetings and influence across functions and businesses while balancing divergent objectives.

Position Responsibilities:

The Program Manager collaborates and closely aligns with multiple data protection professionals, legal, IT, and business stakeholders to build and implement project and program management activities that meet legal and regulatory requirements – with initial focus on the new GDPR requirements. This will cover areas in all business units and functions, including IT and HR, and will see a number of work-streams being coordinated, planned and managed by the Program Manager. As the program moves from implementation to maintenance, the Program Manager’s focus will evolve to include privacy operations expertise for program oversight and ongoing program management. Key responsibilities include:

  • Serve as the key GDPR Data Protection and Privacy program implementation lead to provide subject matter expertise and drive overall project management for privacy implementation of GDPR and other regulatory data privacy requirements – including development of schedules, milestones, deliverables, and overall plans for projects.
  • Coordinate across relevant businesses/functions and key stakeholders to ensure that all GDPR privacy project deadlines are met.
  • Collaborate with Data Protection and Privacy professionals (DPP professionals), IT, legal, and businesses to provide guidance and assistance in the identification, implementation, and maintenance of organization data protection and privacy policies, procedures, and practices relating to meet privacy requirements within the businesses;
  • Collaborate with Legal, IT, business and other key stakeholders to ensure appropriate creation and maintenance of documentation of GDPR conditions for processing and other required documentation;
  • Collaborate with legal and global business units and functions to document, track and manage global privacy implementation and assessment projects and privacy program roadmap commitments;
  • Collaborate with key stakeholders to provide expertise and support relating to privacy training and awareness programs;
  • Provide reporting and other requested support to the Data Protection and Privacy Office in administering ongoing data protection and privacy program governance and monitoring including, but not limited to legitimate purpose, appropriate use, processing, international data transfers, storage, data subject rights, retention and destruction of data process as per instructions of another party or for Medtronic’s own purposes;
  • Collaborate with the Data Protection and Privacy Office, legal and business units and regions, to actively support development and implementation of annual data protection and privacy plan and objectives each fiscal year;
  • Create and maintain on-going routine and ad hoc reports and metrics, including GDPR and privacy project implementation status and escalation;
  • Collaborate with data protection and privacy professionals, IT, legal, and other key stakeholders to support development and implementation of a data privacy key risk monitoring plan that supports ongoing GDPR compliance;
  • Lead by example to model a culture of ethics and integrity; exercise sound judgment and courage as a trusted advisor to the business and to the team;
  • Responsible for all other duties as assigned.



BS/ BA degree.


  • 7-10 years of IT, security, privacy, compliance or related complex program management experience in a large and/or global, multi businesses, and services organization.
  • 5-8 years in comparable role with advanced level of IT, security, privacy or compliance or related complex program management experience in a large and/or global, multi businesses and services organization, if applicant also holds a Master or other Advanced Degree.


  • Experienced Project Manager.
  • Experience managing and leading cross-functional teams without direct reporting relationships.
  • Experience developing and managing program documentation, leadership and governance reporting, and project plan development, implementation and tracking.
  • Experience in working in a global and matrixed IT systems, services or operations management environment.
  • Must possess methodological agility and an ability to balance short-term urgent less methodological projects while simultaneously building more mature, methodologically sound long-term program infrastructure.


  • Strong knowledge and demonstrated experience with program and project management
  • Detailed working knowledge of EU data protection legislation (including GDPR) and its practical implications.
  • Demonstrated cross-functional implementation management skills
  • Excellent written, verbal, and presentation communication skills across a broad range of stakeholders
  • Demonstrated results orientation (driving to deadlines, financial targets, project goals, etc.)
  • Strong ability to work collaboratively and partner with a wide range of participants.
  • Demonstrated ability to work effectively across many levels of an organization, from VP to non-exempt staff
  • Demonstrated ability to work effectively across a matrixed or virtual organization and meet objectives
  • Demonstrated ability to effectively manage multiple priorities simultaneously.
  • Demonstrated ability to utilize excellent decision making skills.
  • Experience and demonstrated ability to present to a variety of audiences including the ability to translate technical information
  • ITIL training/ certifications
  • Lean Sigma or Six-Sigma training/experience
  • Vendor management experience
  • Familiarity with FDA and FTC regulations,  HIPAA, PIPEDA, US Patriot Act,  EU 95/46 and GDPR, Breach Notification laws, ISO and other standards bodies and international standards


Physical capabilities to perform the job:

  • The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
  • While performing the duties of this job, the employee is regularly required to be independently mobile.  The employee is also required to use a computer, and communicate with peers and co-workers.
  • Travel < 15%.


The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

The above description is intended to describe the general content, identify the essential functions of, and requirements for the performance of this job. It is not to be construed as an exhaustive statement

Application Submission Information: